Koumajou Densetsu 2 Stumped

 
radical dreamer
Posted: Tue Oct 22, 2013 3:44 pm    Post subject: Koumajou Densetsu 2 Stumped

I'm using Cheat Engine 6.3.

I'm working with a Castlevania clone called Koumajou Densetsu 2: Stranger's Requiem.

So the main character can jump, and then if you hit the jump button again, she can fly. If you hit the jump button a 3rd time, it cancels flight, and you cannot re-activate flight until you have landed and jumped again.
I made a code that would allow me to fly over and over without landing, and I am unable to figure out how to get a static version of the code made.

I tried pointer scans, they return 0 results immediately.
I followed guides that I used before for defeating dma, but the value it's telling me to search for is identical to the address of the original code, and searching for it yields 0 results.

I've attached an image of the "Extra info" screen for the code, and I wonder if someone could suggest a method for that type of code.



koumajou_example.jpg


Gniarf
Posted: Tue Oct 22, 2013 5:53 pm

radical dreamer wrote:
I made a code that would allow me to fly over and over without landing, and I am unable to figure out how to get a static version of the code made.

1-Next time post the code too; showing the instruction that writes to your variable is useful, but if I don't know what you've done with it I can't tell you what you've done wrong.
2-After reading your post over and over, I think you did not make a code but found an address. Look at the "value" column for the cheat you've made:
-if it reads "<script>" you've made a code.
-if you see a number (hmmm 40 when standing, 0 when jumping?) then you've found an address/the address of the variable that holds jump state.

radical dreamer wrote:
I tried pointer scans, they return 0 results immediately.
I followed guides that I used before for defeating dma, but the value it's telling me to search for is identical to the address of the original code, and searching for it yields 0 results.

CE tries to guess what value you should search for, but can be fooled; for example when you have something like:
Code:
lea ebx,[eax+1234]
mov dword [ebx], 1
CE will tell you to search for the value of ebx, while you should search for the value of eax (with 0x1234 being the offset). Click on "show disassembler" instead of extra infos, your lea ebx,[???] is wayyyyyyyyyy above: 205 lines or 0x3bc bytes. Actually it's a lea ebx,[ebp+000012E0] meaning that your terminal offset is 0x12e0=4832 so you need a "maximum offset value" of at least 4832 for the pointerscanner to return anything useful (and you can use "pointers must end with specific offset":12e0).

Usually the lea or add is 1-10 line(s) above, so I can't blame you for not finding it.


I took the demo and made a code that allows repeatable hovering, just paste that in cheat engine's main window:
Seeing that the demo's code is identical to the code you posted, it's near certain it'll work with the retail game too.
Code:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"Repeatable hover"</Description>
      <Color>80000008</Color>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>[ENABLE]
aobscan(FlightPatch,83 0B 10 83 23 FD 8D 4F 10) //slower to activate, but can be used to hardcode this hack
//replace the line above with this for faster activation, but you'll lose the hardcoding ability
//aobscanmodule(FlightPatch,koumajou2.exe,83 0B 10 83 23 FD 8D 4F 10)

registersymbol(FlightPatch)

FlightPatch-3:
nop
nop
nop

 
 
[DISABLE]
unregistersymbol(FlightPatch)


FlightPatch-3:
and dword [ebx],-21
</AssemblerScript>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
If you don't know what hardcoding is, it means that you can write down the hack directly into the exe file instead of launching cheat engine each time you play. To hardcode a cheat, just use file->open file and browse to the .exe instead of using the computer icon. The rest is as usual.

Q: "83 0B 10 83 23 FD 8D 4F 10"? What does that mean, and when did you find that?
A: "show disassembler" instead of extra infos->look at the "bytes" column, then read tutorials about aobscan.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
radical dreamer
Posted: Tue Oct 22, 2013 9:38 pm

Yeah that's the one, 40 for standing, 32 for has_jumped, 16 for is_flying, 0 for has_flown_and_is_falling.

So I examined the script and I get how to do aobscan through memory viewer rather than trying to do it in the main cheat engine search screen now. ('coz that returns nothing with those bytes you gave, I assume they need to be flipped in there)

I'm kind of confused on the idea of scripting the opcodes below "and dword [ebx],-21" affect that particular opcode and the ones below it, because originally I had just nop'd that opcode and it gave the effect. 83 23 DF wasn't in the bytes you gave, but that's the line I had been nopping, and I do see that it was affecting the lines below it as well.

Did you choose to start where you did, because it was on an "or" opcode, rather than an "and"?

Also there's no need to italicize quotes to make fun of me, because obviously I didn't know what I was doing in this case, which is why I shamefully admitted defeat and asked for assist.

_________________
radical dreamer no-life address finder (from the CMP)
Gniarf
Posted: Tue Oct 22, 2013 10:55 pm

radical dreamer wrote:
So I examined the script and I get how to do aobscan through memory viewer rather than trying to do it in the main cheat engine search screen now. ('coz that returns nothing with those bytes you gave, I assume they need to be flipped in there)

Cheat Engine is configured to scan only writable memory by default (there are 3 checkboxes on the main window that read "Writable","Executable","CopyOnWrite") but a program's code is in read-only memory. To scan read-only memory too, right click on one of those checkboxes->scan all memory, now you should be able to find the bytes/signature I put in my script...I'm surprised they didn't say that in the aobscan tutors.

radical dreamer wrote:
I'm kind of confused on the idea of scripting the opcodes below "and dword [ebx],-21" affect that particular opcode and the ones below it, because originally I had just nop'd that opcode and it gave the effect. 83 23 DF wasn't in the bytes you gave, but that's the line I had been nopping, and I do see that it was affecting the lines below it as well.

Did you choose to start where you did, because it was on an "or" opcode, rather than an "and"?

No. The aobscan instruction looks for a code signature and places a marker there but that doesn't mean the code you modify is exactly where the marker is. "FlightPatch-3:" means that the nops are going to be applied 3 bytes before the FlightPatch marker...That means that my script nops the and, like you did.
Now why didn't I include the and in the signature (and write "FlightPatch-0:" or "FlightPatch:")? Imagine you start the game, apply your hack, close CE, and suddenly want to disable your hack: CE will search for the and followed by the rest of the signature, but won't find it because said and is nopped, so you're stuck with your hack enabled. If you take the hardcoding thinggie into account, the only way to disable hardcoded hacks that have signatures that cover modified bytes is to restore a backup of the file.


radical dreamer wrote:
Also there's no need to italicize things to make fun of me, because obviously I didn't know what I was doing in this case, which is why I asked for assist.

'Twasn't meant to make fun of you, but to insist on what "making a code" means on those forums: doing some programming. Some people think that addresses are "codes", some people think that finding a pointer is "making a code", and I was thinking you were in this category since trying to use the pointerscanner to make an assembly script work doesn't make much sense to me (except when your asm code walks down the pointer, but that didn't seem to be what you were doing).

radical dreamer wrote:
But I have "made codes" for many years, just not on these forums and not assembly type.

The action replay or emulator cheat menu type?

radical dreamer wrote:
The reason I chose the word "code" is because I had an address plus a value, and depending on what device you're "making a code" for, that may or may not be enough.

Pretty much what I thought: you were using the word "code" as it is used in console hacking (smartphones too?) where you ship the address+value in a format that players don't understand so they slap the word "code" on it and there you go.
Erm... Try not to use it that way here, it'll only make things even more confusing.

...Sorry I caught (some of) your edits, heh !

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
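
The point made in the post above about keeping the signature off the modified bytes, as an added Python illustration (not code from the thread or from Cheat Engine). The byte buffer is constructed from the bytes quoted in the thread, and `parse_sig`, `aobscan`, `write_at`, `enable`, `disable` and `round_trip` are hypothetical helper names.

```python
# Added illustration: signature scan over a constructed buffer (not a game dump).
NOP = 0x90
ORIGINAL_INSN = bytes.fromhex("83 23 DF")   # and dword [ebx],-21 (bytes from the thread)

def parse_sig(text):
    """'83 0B ?? 10' -> list of ints, None marks a wildcard byte."""
    return [None if t in ("?", "??") else int(t, 16) for t in text.split()]

def aobscan(buf, sig):
    """Offset of the first match of sig in buf, or None if absent."""
    for i in range(len(buf) - len(sig) + 1):
        if all(s is None or buf[i + j] == s for j, s in enumerate(sig)):
            return i
    return None

def write_at(buf, sig, delta, data):
    """Find sig, then overwrite len(data) bytes at match+delta."""
    at = aobscan(buf, sig)
    if at is None:
        raise LookupError("signature not found")
    out = bytearray(buf)
    out[at + delta:at + delta + len(data)] = data
    return bytes(out)

def enable(buf, sig, delta):
    """Replace the original instruction with NOPs."""
    return write_at(buf, sig, delta, bytes([NOP]) * len(ORIGINAL_INSN))

def disable(buf, sig, delta):
    """Restore the original instruction bytes."""
    return write_at(buf, sig, delta, ORIGINAL_INSN)

# Constructed code region: filler, the `and`, then the thread's signature bytes.
CODE = bytes.fromhex("CC CC CC CC 83 23 DF 83 0B 10 83 23 FD 8D 4F 10 CC CC")

# Marker placed after the patched instruction, patch applied at marker-3.
SIG_AFTER = parse_sig("83 0B 10 83 23 FD 8D 4F 10")
# Alternative that includes the instruction being overwritten, patch at marker+0.
SIG_COVERING = parse_sig("83 23 DF 83 0B 10 83 23 FD 8D 4F 10")

def round_trip(sig, delta):
    """Enable, then try to disable; True if the original bytes come back."""
    patched = enable(CODE, sig, delta)
    try:
        return disable(patched, sig, delta) == CODE
    except LookupError:
        return False   # signature no longer matches the patched code

if __name__ == "__main__":
    print("signature after patch   :", round_trip(SIG_AFTER, -3))
    print("signature covering patch:", round_trip(SIG_COVERING, 0))
```
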
radical dreamer
Posted: Tue Oct 22, 2013 11:07 pm

Hey well thanks for the method sir or ma'am, I will keep it noted for any addresses I find for this game.

Yeah it was obvious I didn't read the aobscan tutorial yet, I just did it caveman style and skipped and went straight to trying in the memory viewer where I don't have to specify memory type.

_________________
radical dreamer no-life address finder (from the CMP)